Every day, innocent websites are compromised by malicious hackers. Google identifies almost 10,000 malware-infected websites each day, and half of those are genuine websites belonging to legitimate companies. These companies haven’t done anything wrong, but they find themselves blacklisted by Google, and that’s only the edge of the brutal iceberg.

Hackers inject vicious malware into these sites to infect visitors. They confuse and lure users to dodgy websites and they break in and steal important and often sensitive customer information.

It’s a real and constant problem, but there are easy and simple steps you can take to guard against these attacks and keep your site, your network, and your customers safe and sound.

1. Use strong passwords, keep them secure and change them frequently

We all know that we should choose complex passwords, but sometimes laziness takes over and we slack off. This is a crucial mistake. Obviously, you want to choose exceptionally strong passwords for your server and website admin area, because a vulnerable password here is a free ticket for hackers to cripple your site and do untold amounts of damage.

It can be inconvenient to remember frequently changing passwords, but in the end, it’s a simple solution that can save a lot of headaches in the future. It’s also imperative that you enforce good password practices for your users.

Compromised user accounts are a special hell of their own. Demanding that minimum password requirements are met for registration will force users to make smart choices. Insist on eight characters, at least an uppercase letter and a number or special character. It’s a bit of a hassle, but it’s worth it.

Make sure that passwords are never stored in plain text but only as hashed values. Ideally, you’ll use a one-way hashing algorithm like SHA. This means that during authentication, only hashed values are ever compared. In a worst-case scenario, if someone hacks in and steals the password database, this limits the damage.

They can’t reverse the hashes, so they are reduced to dictionary or brute-force attacks, trying combination after combination until a match comes up. It’s time-consuming and computationally expensive, and for most attackers it’s just not worth the effort.

Your wireless network password should be seriously strong, and the network should be protected by Wi-Fi Protected Access 2 (WPA2) rather than WEP (Wired Equivalent Privacy). WEP encryption is brittle and hackable in minutes these days and should never be relied upon.

It’s also imperative to ensure that your PCs are well protected against viruses at all times to prevent password theft.

2. Be discreet with your error messages

Make sure your error messages aren’t giving away too much information. If your website requires a login, pay attention to how your error messages tell users that a login attempt has failed. A quick and simple, very generic message such as “incorrect login information” is your best bet.

It doesn’t tell the user whether half of the submitted credentials is right (and especially not which half!). When a hacker is running brute-force attacks to discover usernames and passwords and the error message identifies one field as correct, that’s valuable information: he then knows he’s halfway there and can concentrate all his effort on the remaining field. Don’t make it easy for him!
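As an added example (not part of the original post), here is how the password rules from point 1 and the generic error message from point 2 fit together in a small Python login module. It goes slightly beyond the text by salting and iterating the SHA-256 hash (PBKDF2) and by hashing against a dummy record for unknown usernames so that response time doesn’t betray which field was wrong; the in-memory user store, iteration count and message strings are assumptions.

```python
import hashlib
import hmac
import os
import re
from typing import Dict, Tuple

# Assumed in-memory store for the example; a real site would use a database.
_USERS: Dict[str, Tuple[bytes, bytes]] = {}   # username -> (salt, hash)
GENERIC_ERROR = "incorrect login information"   # never says which field failed
_ITERATIONS = 100_000                           # assumed cost factor; raise in production


def password_meets_policy(password: str) -> bool:
    """Enforce the minimum from point 1: eight characters, at least one
    uppercase letter, and a digit or special character."""
    return (len(password) >= 8
            and re.search(r"[A-Z]", password) is not None
            and re.search(r"[0-9]|[^A-Za-z0-9]", password) is not None)


def _hash_password(password: str, salt: bytes) -> bytes:
    # Salted, iterated SHA-256 (PBKDF2): one-way, so a stolen database yields
    # hashes that cannot be reversed, only guessed against slowly.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, _ITERATIONS)


def register(username: str, password: str) -> bool:
    """Create an account only if the password meets policy and the name is free."""
    if not password_meets_policy(password) or username in _USERS:
        return False
    salt = os.urandom(16)   # unique per user, so identical passwords hash differently
    _USERS[username] = (salt, _hash_password(password, salt))
    return True


# Dummy record so that an unknown username costs as much to reject as a wrong
# password; otherwise timing alone would reveal which field was correct.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash_password("placeholder-not-a-real-password", _DUMMY_SALT)


def login(username: str, password: str) -> Tuple[bool, str]:
    """Return (success, message). Only hashes are compared, never plaintext,
    and the failure message is the same whichever field was wrong."""
    salt, stored = _USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    candidate = _hash_password(password, salt)
    # compare_digest avoids leaking how many leading bytes matched.
    ok = hmac.compare_digest(candidate, stored) and username in _USERS
    return (True, "ok") if ok else (False, GENERIC_ERROR)
```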

3. Keep your software up to date

Hackers are quick to exploit any known holes and bugs, and you want to get there first. Sign up to the mailing lists and RSS feeds of all your software vendors. They’ll be the first to alert you to any security issues and their fixes. Find out about them and follow up promptly.

4. Limit use of your administrator account

Keep your computer’s admin account for installing updates and software, or for reconfiguring the host when you have to. Don’t go online while logged into your admin account. Non-privileged user accounts are not just for guests and visitors: you should have one yourself for everyday use. If you browse the web and read your email with an admin account, you leave yourself open for an attacker to gain entry and access to your host.

5. Ask the experts

You don’t have to do it all on your own. There are good tools out there for monitoring your own website, but not everyone has the time or inclination to stay on top of security 24/7.

It’s possible to find monitoring services for very reasonable prices. These companies will check for malicious activity, give you an alert if your website shows up on a blacklist, scan your site for vulnerabilities, and be there for support and repairs if you do fall prey to a hack.

If you’re dealing with databases of sensitive customer information that are attached to your site, it’s probably worth it to get an expert in from the start, sweeping your code for bugs and building in extra lines of defense from the ground up. For small businesses, companies such as SiteLock and Stop the Hacker offer packages for under $100 a year.

This guest post was provided by Amanda Gareis on behalf of Drexel University Online. Drexel expanded into the online learning sector in 1996 and now offers its recognized curricula to a worldwide audience. Drexel Online offers degrees in Information Science, Information Technology, and Computing and Security Technology. The university also provides an Information Technology Career and Salary Guide resource for those looking to enter the industry.
